[Linux-users] recent vulnerabilities in the Linux kernel

Robert Lukens rlukens at jlab.org
Thu Nov 5 10:40:41 EST 2009


FYI:

A couple of vulnerabilities have been reported in the Linux kernel.
Redhat has posted a fix which will be distributed on site through our
standard patch update process on Tuesday, November 17 (see
http://cc.jlab.org/announce/status.html).

Please reboot your JLab-managed Linux machines on Wednesday, Nov 18, to
make the update complete.


If you are not running the Lab's standard Red Hat distribution, please
check your vendor's patch notices for a kernel update.

Details on the vulnerabilities can be found at the following URLs:

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2695
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3547

Thanks.

Bob


-- 
    Robert J. Lukens                                  Jefferson Lab
    Computer Security Manager        12000 Jefferson Ave - Suite #7
                                              Newport News VA 23606
    rlukens at jlab.org   757-269-6376                             USA



-------- Original Message --------
> Subject: [TAM Newsletter] Proactive Notification: Local privilege
> escalation - CVE-2009-3547 and CVE-2009-2695
> Date: Wed, 04 Nov 2009 10:16:25 -0500
> From: tam-newsletter at redhat.com
> Reply-To: tam-newsletter at redhat.com
> To: tam-newsletter at redhat.com
>
> Issue:
>      kernel: fs: pipe.c null pointer dereference (CVE-2009-3547)
>      kernel: SELinux and mmap_min_addr (CVE-2009-2695)
>
> Those Affected:
>      All currently supported versions of Red Hat Enterprise Linux
> including MRG
>
>
> Fix/Workaround:
>      MRG: https://rhn.redhat.com/errata/RHSA-2009-1540.html
>      RHEL 5: https://rhn.redhat.com/errata/RHSA-2009-1548.html
>      RHEL 4: https://rhn.redhat.com/errata/RHSA-2009-1541.html
>      RHEL 3: https://rhn.redhat.com/errata/RHSA-2009-1550.html
>
>
> Details:
> Two NULL pointer dereference vulnerabilities were made public on
> November 3rd. Either could allow users with access to a system to
> elevate their privileges. They are rated by the Red Hat Security
> Response Team with a security impact of "Important". Several other
> bugs and security issues are also addressed with the updated kernels.
> All users of Red Hat Enterprise Linux are encouraged to update their
> kernels. If you have questions or need more information, please
> contact your TAM.
>
> The TAM newsletter is provided by Red Hat Global Support Services to
> better serve our customers. Red Hat would like your opinion on the
> services you have been receiving and the value of this newsletter.
> Please submit your feedback via email to taofeedback at redhat.com. If you
> would like to unsubscribe or change your subscription information,
> please visit the link below.
> _______________________________________________
> Tam-newsletter mailing list
> Tam-newsletter at redhat.com
> https://www.redhat.com/mailman/listinfo/tam-newsletter

